Cyber espionage attacks sponsored by nation-states are becoming more sophisticated as attackers differentiate their tools from traditional cyber criminals, according to the information technology security firm Kaspersky Labs.
In response to industry’s success in uncovering advanced persistent threat groups, the nation-state sponsored actors are finding ways to better conceal their attacks and changing their approach depending on the target and the information they are after, the Russia-based vendor of endpoint detection software reported on March 11.
“Nation-state attackers are looking to create more stable, invisible, reliable and universal cyber espionage tools,” Costin Raiu, director of Global Research and Analysis Team at Kaspersky Labs, said in a statement. “Sophistication of the framework makes this type of actor different from traditional cyber criminals, who prefer to focus on payload and malware capabilities designed for direct financial gains.”
Kaspersky Lab specialists analyzed the EquationDrug cyber espionage platform, which was developed by the threat actor EquationDrug, to confirm the trends they are seeing. The company says that the platform, which has been around for more than 10 years, is being replaced by a new cyber espionage platform, GrayFish.
Kasperksy Labs says that nation-state actors prefer building unique, customized malware instead of using publicly available source code that traditional cyber criminals use. It also says that nation-state attackers make highly targeted, surgical attacks against a small number of users rather than using mass-distribution emails or large scale infections of websites that cyber crooks use.
“It may seem unusual that a cyber espionage platform as powerful as EquationDrug doesn’t provide all stealing capability as standard in its malware core,” Raiu said. “The answer is that they prefer to customize the attack for each one of their victims. Only if they have chosen to actively monitor you and the security products on your machines have been disarmed, will you receive a plug-in for the live tracking of your conversations or other specific functions related to your activities. We believe modularity and customization will become a unique trademark of nation-state attackers in the future.”